Traffic Shaping


Pentangle
11th February 2010, 14:05
Hi there,

Anyone providing traffic shaping for their users over a large (2000 nodes plus) network that can offer up any advice on kit that works?

Cheers,
Mike.

leemason
11th February 2010, 14:38
Yes: have a look at either Riverbed or Replify.

PrismTechWales
11th February 2010, 15:21
The only one I have actually had hands-on with is PacketShaper. It used to be made by Packeteer, but it looks like Blue Coat have bought them out.

http://www.bluecoat.com/products/packetshaper?hprefer=products


Pentangle
11th February 2010, 15:58
Yes: have a look at either Riverbed or Replify.

Having had a look at them both, they're both WAN deduplication products rather than traffic shapers per se. They might come in handy as an augmentation, but my focus is more on stopping misuse/overuse, much like an ISP would, rather than on this just yet.

Thanks though :)

leemason
12th February 2010, 09:40
No problem. I thought you might have been after WAN optimisation. I have experience of Packeteer as well as Riverbed (not Replify though) and Riverbed is so much better than Packeteer. Riverbed does provide traffic shaping as well but does major on the deduping capabilities.

Are you after something that will throttle individual connections, or stop access to certain sites? Or both?

Pentangle
12th February 2010, 11:12
I'm more after something that would throttle P2P access or provide accountability on monthly data throughput so that the service provided to others wasn't negatively affected by someone using bittorrent 24x7.

ripai
12th February 2010, 14:49
There are only two sensible ways to do it, and it depends on your view of the world which is best. Packeteer were bought by Blue Coat, but the PacketShaper still exists, so you could buy one of those and put it in your network. Or we have a cloud-based solution where there is no capital cost, just a subscription, and it will let you do what you want as well as running virus filters, content filters, etc. on your internet activity.

FireFleur
12th February 2010, 16:01
There is tc (http://www.linux.org/docs/ldp/howto/Traffic-Control-HOWTO/intro.html) for Linux, m0n0wall (http://doc.m0n0.ch/handbook/trafficshaper.html) for FreeBSD, and pf/ALTQ (http://www.openbsd.org/faq/pf/queueing.html) for OpenBSD. It depends whether you want to roll up your sleeves or not. They all use the same principles, but the methods will vary.

Pentangle
12th February 2010, 16:31
There are only two sensible ways to do it, and it depends on your view of the world which is best. Packeteer were bought by Blue Coat, but the PacketShaper still exists, so you could buy one of those and put it in your network. Or we have a cloud-based solution where there is no capital cost, just a subscription, and it will let you do what you want as well as running virus filters, content filters, etc. on your internet activity.

I'm curious, how exactly do you expect a cloud solution to reduce my customers' internet traffic usage?

ripai
12th February 2010, 17:02
You proxy through the cloud and can set bandwidth limits, or block traffic types completely.

Pentangle
12th February 2010, 18:22
So I send all my traffic externally, for you to tell it to be blocked....

How does this reduce my external traffic usage?

FireFleur
12th February 2010, 18:59
It sounds like it probably increases it :)

leemason
13th February 2010, 08:10
There is tc (http://www.linux.org/docs/ldp/howto/Traffic-Control-HOWTO/intro.html) for Linux, m0n0wall (http://doc.m0n0.ch/handbook/trafficshaper.html) for FreeBSD, and pf/ALTQ (http://www.openbsd.org/faq/pf/queueing.html) for OpenBSD. It depends whether you want to roll up your sleeves or not. They all use the same principles, but the methods will vary.

Yes: tc really is at the heart of this sort of thing. Here is an interesting document on open source traffic shaping using the various Linux facilities available: http://bwm-tools.pr.linuxrulz.org/BMO-Notes-Final3.pdf.

It does depend how much work you want to put in yourself to get the result, as opposed to purchasing an off-the-shelf system, which could cost quite a bit.

Can you explain a bit more about where you want to reduce the bandwidth? I assume it's not at each customer's DSL connection?

ripai
15th February 2010, 17:04
So I send all my traffic externally, for you to tell it to be blocked....

How does this reduce my external traffic usage?

Your question was "throttle P2P access or provide accountability on monthly data throughput", so if you apply QoS in the cloud and directory integration, you can limit the bandwidth assigned to a traffic class and you can determine the user credentials from AD. So if your user requests a big file from iPlayer, or eDonkey, or ..., you might decide to allow them access (or not) and restrict them to 5%, 20%... of the pipe. You might allow them quotas during the day, so 1 hour of access throughout the day. You can divide users into classes, so you might allow the boss more access than someone else. It's up to you how you slice and dice it. Being in the cloud just makes it easier to control all egress points in a distributed environment, but if you just have one location and are happy to stump up for a box, put a PacketShaper in.

Pentangle
16th February 2010, 10:13
Your question was "throttle P2P access or provide accountability on monthly data throughput", so if you apply QoS in the cloud and directory integration, you can limit the bandwidth assigned to a traffic class and you can determine the user credentials from AD. So if your user requests a big file from iPlayer, or eDonkey, or ..., you might decide to allow them access (or not) and restrict them to 5%, 20%... of the pipe. You might allow them quotas during the day, so 1 hour of access throughout the day. You can divide users into classes, so you might allow the boss more access than someone else. It's up to you how you slice and dice it. Being in the cloud just makes it easier to control all egress points in a distributed environment, but if you just have one location and are happy to stump up for a box, put a PacketShaper in.

These guys won't be part of my AD structure. Also, what happens if they attempt to obfuscate P2P traffic to get around the shaping? Can I traffic shape by IP address to give them (for example) a 100 GByte/month quota? And also limit bursting when they ARE downloading huge files from everywhere?

I'm not anti 'cloud' services, I'd just like to understand them more. E.g. what is used at the local internet egress in order to send the data requests to the cloud?

I'm currently looking at virtualised routers and how they'd do with traffic shaping, as I assume I'll have to sit between any data flow from my users to the internet in whatever I do.
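As an added example (not from any poster in this thread), here is how the tc suggestion from FireFleur and leemason would be applied to the per-IP question above: a Linux HTB setup that gives each customer address a guaranteed rate and a hard ceiling with a small burst allowance, classified purely by destination IP. The interface name, rates and customer addresses are assumptions; note that tc enforces rates, not monthly byte quotas, which would need separate byte accounting (for example firewall counters).

```shell
#!/bin/sh
# Added example, not from the thread. Per-customer download shaping with Linux tc/HTB.
# Assumptions: eth1 is the LAN-facing interface (downstream traffic leaves the router
# through it, so shaping there controls what each customer receives), a 100mbit pipe,
# and a constructed list of customer IPs. Without APPLY=1 the tc commands are only
# printed for review; with APPLY=1 (as root) they are executed.
IFACE="${IFACE:-eth1}"
LINK_RATE="${LINK_RATE:-100mbit}"    # whole shared pipe
PER_IP_RATE="${PER_IP_RATE:-4mbit}"  # share each customer is guaranteed under contention
PER_IP_CEIL="${PER_IP_CEIL:-10mbit}" # hard cap per customer, even when the link is otherwise idle
BURST="${BURST:-15k}"                # small token bucket: a 24x7 torrent host cannot spike above ceil

# Constructed sample addresses; in practice read them from DHCP leases or a customer database.
CUSTOMERS="10.20.0.11 10.20.0.12 10.20.3.37"

run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Derive a unique 16-bit HTB class id (hex) from the last two octets of an IPv4 address.
# Ids 0, fffe and ffff are reserved below, i.e. hosts x.y.0.0, x.y.255.254 and x.y.255.255,
# none of which are customer hosts in a normal addressing plan.
class_id() {
  _o3=$(printf '%s' "$1" | cut -d. -f3)
  _o4=$(printf '%s' "$1" | cut -d. -f4)
  printf '%x' $(( _o3 * 256 + _o4 ))
}

build_shaper() {
  run tc qdisc del dev "$IFACE" root 2>/dev/null   # clear any previous setup
  # Root HTB; anything not matched by a per-IP filter lands in the low-priority default class.
  run tc qdisc add dev "$IFACE" root handle 1: htb default fffe
  run tc class add dev "$IFACE" parent 1: classid 1:ffff htb rate "$LINK_RATE" ceil "$LINK_RATE"
  run tc class add dev "$IFACE" parent 1:ffff classid 1:fffe htb rate 1mbit ceil "$LINK_RATE"
  for ip in $CUSTOMERS; do
    cid=$(class_id "$ip")
    # Guaranteed rate plus a ceiling the host can never exceed; burst/cburst keep the bucket small.
    run tc class add dev "$IFACE" parent 1:ffff classid "1:$cid" htb \
      rate "$PER_IP_RATE" ceil "$PER_IP_CEIL" burst "$BURST" cburst "$BURST"
    # Fair queuing inside the class so one many-peer torrent does not starve the host's other flows.
    run tc qdisc add dev "$IFACE" parent "1:$cid" sfq perturb 10
    # Classify downstream packets by destination address (shaping by IP, no directory integration needed).
    run tc filter add dev "$IFACE" parent 1: protocol ip prio 1 u32 match ip dst "$ip/32" flowid "1:$cid"
  done
}

build_shaper
```

Running it without APPLY=1 prints the full command set, which is a convenient way to review the class tree before touching a production router.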

ripai
16th February 2010, 16:00
You can set up the edge router to force the traffic through the cloud as a proxy (there are other ways, but they can't work round that). Yes, you can do IP address. You can define a big file and say files larger than xMB get cut back to y% of the pipe. We can do a daily bandwidth quota; monthly is on the roadmap.

aoteg
17th February 2010, 07:46
Hi,

My advice is to get yourself a local Cisco router, which is very good at policing and setting up QoS, maps, etc., and gives better control. Setting up a proxy to the cloud might be a security risk: your users' data is either cached or sent in clear text...

ripai
17th February 2010, 08:18
Hi,

might be a security risk: your users' data is either cached or sent in clear text...

Might be, but that is true of any part of the internet, and neither happens to be true in this case.

aoteg
17th February 2010, 16:33
ripai
Might be, but that is true of any part of the internet, and neither happens to be true in this case.
-------
Your statement is not fully correct, as it isn't "any part of the internet"
unless you are also offering a way to encapsulate end-users' data via either IPsec or SSL to your cloud.

By the way, "HTTPS" data isn't sent in clear text.

ripai
17th February 2010, 22:51
ripai
Might be, but that is true of any part of the internet, and neither happens to be true in this case.
-------
Your statement is not fully correct, as it isn't "any part of the internet"
unless you are also offering a way to encapsulate end-users' data via either IPsec or SSL to your cloud.

By the way, "HTTPS" data isn't sent in clear text.

No, I mean you have no idea what really happens to your traffic on the internet, which is why firms like Rapport exist. Even if you are running SSL, it's tough to be certain you don't have a man-in-the-middle attack. Neither do you know that the page you are visiting hasn't been hacked. My point is that the internet is an uncertain world and this is no more dangerous than any other part, but it doesn't cache data, nor is it sent in clear text, unless you want it to be, which was your point.